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CLAIM AMENDMENTS 

1 . (Original) A method to pre-aompilQ configuration information 
tor a network connection device , the method including: 

receiving a rule file defining behavioral requirements for the 
network connection device; 

receiving an operations file describing operations supported by a 
plurality of components of the network connection device; and 

generating a rule program, executable by the network connection 
device, utilizing the rule file and the operations file, 

wherein the rule program compriseis a set of operations, selected 
from operations supported by the plurality of componi^ntfi of the 
network connecLion device, for performance by the respective 
components of the network connection device in accordance with the 
behavioral requirements defined by the rule file. 

2. (original) The method of claim 1 wherein the rule file 
comprises a decision tree structure. 

3- (Original) The method of claim 2 wherein the rule file 
comprises a sequence of operations defined as IF THEN ELSE statements, 

4. (Original) The method of claim 1 wherein the rule file 
comprises a text file* 

5. (Original) The method of claiiti 1 wherein the operations file 
includes a plurality of sections, each section of the plurality of 
sections describing operations supported by a corresponding componexiL 
of the plurality of components. 

6- (Original) The method of claim 1 wherein the operations file 
specifies aL least one process to identify a behavior and at least one 
context to identify a data environment ho support execution of the 
rule program. 

7- (Original) The method of claim I wherein the rule program is 
compiled as a binary object* 
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8. (Original) The method of claim 7 wherein the compiled binary 
object comprises an instruction sequence to be executed by a virtual 
machine hosted by the network connection device. 

9- {Oriyiiiiil) The method of cl^im 1 wherein the set of 
operations that comprise the rule program include configuration 
operations that determine functioning the plurality ot components of 
the network connection devi re- 
in. (Original) The method of claim 1 wherein the rule program 
links an operation of a component to a contextualized set of data* 

n. (Original) The method of claim 1 wherein the rule program is 
authenticated by an authentication authority. 

12- (Original) The method of claim 1 wherein at least a portion 
of the rule program is dedicated to a specific process and context, 
and wherein the generating o£ the rule program includes performing a 
check to determine whether a component and an operation associated 
with the portion of the rule program are compatible with a declared 
process and context of the portion of the rule program- 

13. (Original) The method of claim 1 wherein th« generating of 
the rule prograin Includes compiling the rule program and loading the 
rule program into the network connection device in a manner 
independent of a run-time management program, 

14. (Original) The method of claim 1 including executing the 
rule program utilizing the plurality of components o£ the network 
connection device. 

lb- (Original) The method of claim 14 wherein each component of 
the plurality of components of the network connection device registers 
at least one operation, and the method includes performing a 
consistency check between the oot of operations and the operations 
registered by the plurality of components. 

16-29 (Cancelled) 
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30- (Original) A machine-readable medium storing a sequence of 
instructions that, when executed by a machine, cause the machine to 
perform the method for pre-pre-compiling configuration information for 
a network connection device, the method including: 

accessing a rule file defining behavioral requirements for the 
network connection device; 

accessing an operations file describing operations supported by a 
plurality of components of the network connection device; and 

generating a rule program, executable by the network connection 
device, utilizing the rule file and the operations file, 

wherein the rule program comprises a set of operations, selected 
from operations supported by the plurality of components of the 
network connection device, for performance by the mspect-ive 
GonipoiieiiLs of the network connection device in accordance with the 
behavioral requirements defined by the rule file. 

31. (New) A method of pre-compiling configuration information for 
a network connection device having a plurality of components and 
hosting a virtual machine and a virtual machine compiler, the method 
comprising: 

receiving an operations file at the virtual machine compiler, the 
operations tile identifying at least one component of the plurality of 
components and containing a list of allowed operations associated with 
the one component, 

receiving a rule file at the virtual machine compiler, the rule 
file containing at least one behavioral requirement for controlling 
the network connection device and at least one operation associated 
with the one behavioral requirement , and 

compiling the rule file and the operations file by the virtual 
machine compiler to generate a rule program executable by the virtual 
machine, the rule program conLcilnlng at least one operation, selected 
from the list of allowed operations provided by the operations file 
and corresponding to the one operation contained in the rule file, for 
performance by the one component in accordance with the one behavioral 
requirement . 

32. (New) The method of claim 31 comprising receiving a plurality 
o£ operations files at the virtual machine compiler, each operations 
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file corresponding to a respective compoxieiiL of the network connection 
device and containing a list of operations associated with the 
respective compontMiL, axiti compiling the plurality of operations files 
and the rule file by the virtual machine compiler to generate the rule 
proy i-am. 

33- (New) The method of claim 31 wherein the rule file comprises 
a decision tree .structure. 

34. (New) The method of claim 33 wherein the rule file comprises 
a sequence of behavioral requirements defined as IF THEN ELSE 
statements. 

35. (New) The method of claim 31 wherein the operations file 
includes a plurality of sections, each section of the plurality of 
□cctions describing operations supported by a corresponding component 
of the plurality of components of the network connection device. 

36. (New) The method of claim 31 wherein the operations file 
specifies at least one process to identify a behavior and at least one 
context to identify a data environment to support execution of the 
rule program. 

37. (New) The method of claim 31 wherein the one operation 
contained in the rule program is a configuration operation that 
determines functioning of the plurality of components of the network 
connection device. 

38. (New) The method of claim 31 wherein the rule program links 
an operation of a component to a contextualized set of data. 

39. (New) The method of claim 31 comprising authenticating the 
rule program by an authentication authority. 

40. (New) The method of claim 31 wherein at least a portion of 
the rule program is dedicated to a specific process and context, and 
wherein the virtual machine compiler performs a check to determine 
whether a component and an operation associated with the portion of 
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the rule program are compatible with a declared process and context of 
the portion of the rule program, 

41 . (New) The method of claim 31 wherein the virtual machine 
compiler compiles the rule program and loads the rule program into the 
network connection device in a manner independent of a run-time 
management program. 

42, (New) A method of operating a network connection device for 
receiving network traffic and transmitting the network traffic 
according to a policy determined by rules, the network connf»rtion 
device having a plurality of coiuponents and hosting a virtual machine 
and a virtual machine compiler, the method compr i si ng: 

xeceiving an operations file at the virtual machine compiler, the 
operations file identifying at least one component of the plurality of 
components and containing a list of allowed operations associated with 
the one component , 

receiving a rule file at the virtual machine compiler, the rule 
file containing at least one behavioral requirement for controlling 
the network connection device and at least one operation associated 
with the one behavioral requirement, 

compiling the rule file and the operations file by the virtual 
machine compiler to generate a rule program executable by the virtual 
machine, the rule program containing at least one operation, selected 
from the list of allowed operations provided by the operations file 
and corresponding to. the one operation contained in the rule file, for 
performance by the one component in accordance with the one behavioral 
requirement, and 

executing the rule program and thereby controlling Lhe behavior 
of the network connection device. 
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